feat(findmydevice): Move to new kustomize-optimised config

6cd1b35b · Sheogorath · 1b811254 · 6cd1b35b · 6cd1b35b · 1b811254
Verified Commit 6cd1b35b authored 1 year ago by Sheogorath
--- a/apps/base/findmydevice/kustomization.yaml
+++ b/apps/base/findmydevice/kustomization.yaml
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: findmydevice
+commonLabels:
+  app.kubernetes.io/name: findmydevice
+buildMetadata:
+  - originAnnotations
 resources:
  - namespace.yaml
  - release.yaml
  - ../../../shared/networkpolicies/allow-from-same-namespace.yaml
  - ../../../shared/networkpolicies/allow-from-ingress.yaml
  - ../../../shared/networkpolicies/allow-from-monitoring.yaml
-patchesStrategicMerge:
-  - networkpolicy.yaml
+components:
+  - ../../../shared/components/flux-namespace-admin
+  - ../../../shared/components/namespace-baseline
--- a/apps/base/findmydevice/namespace.yaml
+++ b/apps/base/findmydevice/namespace.yaml
@@ -2,30 +2,3 @@ apiVersion: v1
 kind: Namespace
 metadata:
  name: findmydevice
-  labels:
-    pod-security.kubernetes.io/audit: restricted
-    pod-security.kubernetes.io/enforce: baseline
-    pod-security.kubernetes.io/warn: restricted
-    pod-security.kubernetes.io/audit-version: v1.26
-    pod-security.kubernetes.io/enforce-version: v1.23
-    pod-security.kubernetes.io/warn-version: v1.26
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: flux-reconciler
-  namespace: findmydevice
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: flux-reconciler
-  namespace: findmydevice
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: admin
-subjects:
-  - kind: ServiceAccount
-    name: flux-reconciler
-    namespace: findmydevice
--- a/apps/base/findmydevice/networkpolicy.yaml
+++ b/apps/base/findmydevice/networkpolicy.yaml
---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: allow-from-ingress
-spec:
-  podSelector:
-    matchLabels:
-      app.kubernetes.io/name: findmydevice
---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: allow-from-monitoring
-spec:
-  podSelector:
-    matchLabels:
-      app.kubernetes.io/name: findmydevice
--- a/apps/base/findmydevice/release.yaml
+++ b/apps/base/findmydevice/release.yaml
@@ -4,7 +4,6 @@ metadata:
  name: findmydevice
  namespace: findmydevice
 spec:
-  serviceAccountName: flux-reconciler
  timeout: 15m
  releaseName: fmd
  chart:

--- a/apps/k8s01/findmydevice/kustomization.yaml
+++ b/apps/k8s01/findmydevice/kustomization.yaml
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: findmydevice
+commonLabels:
+  app.kubernetes.io/name: findmydevice
+  app.kubernetes.io/instance: findmydevice
 resources:
  - ../../base/findmydevice
  - certificate.yaml